Spammers Attack

Over the past week I’ve had a problem with spammers hitting my comment form hardcore both here and at 2 Hole Cards so hard it was crashing the web host server. They had to disable the sites and it looks like the spammers have moved along. Just to help out for future attacks, I’ve upgraded to the latest and greatest testing version of WordPress and added Spam Karma 2.3 as a new plugin.

Stop Comment Spam and Trackback Spam

With Akismet from Automattic or more specifically Matt Mullenweg. I just purchased a Pro-blogger license for an entire year and installed the WordPress plugin on all of my blogs. I removed my other spam prevention plugins, turned off the Comment author must have a previously approved comment option in WP, and even deleted my comment spam word blacklist. That’s how confident I am in Akismet as a spam prevention service. We’ll see how it works out. I doubt I’ll regret it.

When a new comment, trackback, or pingback comes to your blog it is submitted to the Akismet web service which runs hundreds of tests on the comment and returns a thumbs up or thumbs down.

If you’re running a WordPress powered blog I suggest you give it a try and support those who are behind it. They’ve done a lot for the blogosphere over the last 2 years.

No Spam

On February 14th, I upgraded MtDewVirus to WordPress 1.5 and on February 27th, I deactivated all spam prevention plugins. I was kind of curious how many comments, trackbacks, and pingbacks have been flagged as spam by my WP install, so I just took a look. It’s April 1st, but this is no joke…I have 10,000 spam comments sitting in my database. Ten thousand pieces of spam in a month and a half! Thanks to WordPress, not a single one was ever viewable by those of you reading MDV.

WordPress Fights Spam

As I mentioned on Friday, I had deactivated my spam prevention plugins. It’s been about 60 hours, but all of spam fighting techniques that are built into WordPress are working extremely well.

One thing I noticed however was pingbacks automatically being approved. I had trackbacks moderated by a plugin I wrote, but otherwise they would have been approved also. Since they weren’t from sites in my link list, they should have been going to moderation. Well, this morning I took a browse through the code for 1.5.1 (I’m using the latest and greatest) and I found a bug with pingback and trackback white listing. WP was marking every PB and TB as white listed. It wasn’t ever possible for them to not be white listed, so I fixed the code and submitted a patch. Now I’ve even deactivated my Moderate Trackback plugin since I don’t need it either.

MtDewVirus and 2 Hole Cards are now completely free of all spam prevention plugins. I keep a few there for emergencies, but they aren’t activated at the moment.

If you’re curious about my settings in WP, here they are:

  1. Anyone can register = OFF
  2. Users must be registered and logged in to comment = OFF
  3. An administrator must approve the comment (regardless of any matches below) = OFF
  4. Comment author must fill out name and e-mail = ON
  5. Comment author must have a previously approved comment = ON
  6. Hold a comment in the queue if it contains more than 5 links.
  7. Blacklist comments from open and insecure proxies = ON
  8. Comment Moderation words = NONE
  9. Comment Blacklist words – I do have 7 words listed here. Contact me if you want them.

That’s all there is to it.